FirstBlood-#441: Reflected XSS on the /login.php endpoint with the goto vulnerable parameter
This issue was discovered on FirstBlood v2

On 2021-10-25, johandu97 Level 4 reported:


Improper input validation leads to attackers injecting malicious characters causing XSS vulnerabilities


  1. Hi @zseano, I found reflected xss on /login.php endpoint with goto vulnerable parameter
  2. Use payload to bypass filter: test123"><scrip<script>t>aleralertt%601%60</scrip</script>t>, xss is executed


Validate/sanitize malicious inputs that cause xss like < > ' " ...

P3 Medium

Endpoint: /login.php

Parameter: goto

Payload: test123"><scrip<script>t>aleralertt`1`</scrip</script>t>

FirstBlood ID: 26
Vulnerability Type: Reflective XSS

The developers thought they had fixed ?goto= when reflected in an input tag on login.php from a similar bug (ID 39), but because this endpoint uses legacy code, their changes were not applied here and thus the XSS was forgotten.
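
Why a filter that strips blocked tokens fails against the nested payload in this report while output encoding does not, as an added example that is not FirstBlood's code. The `legacy_strip` function, its blocked-token list and the `<input>` markup are assumptions, since the page does not show the real filter.

```php
<?php
declare(strict_types=1);

// Hypothetical legacy filter (assumption): removes each blocked token in a
// single pass and never re-checks the string that results from the removal.
function legacy_strip(string $value): string
{
    return str_ireplace(['<script>', '</script>', 'alert'], '', $value);
}

// Vulnerable rendering: the filtered value is written into the attribute
// as-is, so a surviving quote or angle bracket still changes the markup.
function render_legacy(string $goto): string
{
    return '<input type="hidden" name="goto" value="' . legacy_strip($goto) . '">';
}

// Hardened rendering: nothing is stripped. Every HTML metacharacter is encoded
// for the quoted-attribute context, so the value stays inside the attribute.
function render_encoded(string $goto): string
{
    $safe = htmlspecialchars($goto, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="goto" value="' . $safe . '">';
}

// The payload from the report, URL-decoded (%60 is a backtick).
$goto = 'test123"><scrip<script>t>aleralertt`1`</scrip</script>t>';

echo 'legacy : ', render_legacy($goto), PHP_EOL;
echo 'encoded: ', render_encoded($goto), PHP_EOL;

// Two checks a regression test for this endpoint could make:
// 1. did removing the inner tokens leave a complete script element behind?
// 2. does the encoded value still contain any raw quote or angle bracket?
$reassembled = stripos(legacy_strip($goto), '<script>') !== false;
$encoded     = htmlspecialchars($goto, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$rawMeta     = strpbrk($encoded, '<>"\'') !== false;

echo 'script element survives legacy filter: ', var_export($reassembled, true), PHP_EOL;
echo 'raw metacharacters after encoding:     ', var_export($rawMeta, true), PHP_EOL;
```

Encoding at the point of output covers every endpoint that reflects `goto`, which is the gap the legacy `login.php` code path left open.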